Thursday, April 06, 2006

Goldbugs on the march. The price of gold hits 25-year high. Why? [Salon: How the World Works] 10:32:44 PM    comment []

Ask the pilot: What's the matter with airports? A tour of the loudest, weirdest and ugliest problems on the concourse. Two Fridays ago, USA Today's weekly "Destinations and Diversions" section ran a spotlight on airports. Drawing from the practical and peculiar features of various terminals around the country, staff writer Gene Sloan constructed a fantasy list of, at least in his mind, the perfect airport. His list of amenities that every airport should have ranged from the obvious and sensible (free wireless Internet, convenience stores) to the curious and esoteric (wine bars, rocking chairs). Actually, Sloan's layover Shangri-La sounds a lot like many places in Asia, Europe and the Middle East, where airports tend to be more pleasant and in sync with their core mission -- processing, comforting and distracting thousands of people for hours at a time. Singapore's unbeatable Changi Airport, for instance, might lack a wine bar, but it does have a swimming pool, a fitness center, a movie theater (free entry), waterfalls and koi ponds. I'm usually not one for the derivative knockoff route, but Sloan's picks got me thinking. My own fantasy terminal is pretty straightforward. It's a spacious, architecturally compelling place with cathedral ceilings (Washington-Reagan) and flooded with natural light (Chicago-O'Hare). It has a grand central atrium with centralized check-in (Frankfurt, Hong Kong). There is interior landscaping (Singapore). There is a public transportation link to and from the city center with in-terminal access (Amsterdam) and a minimum of fuss -- a rail connection that doesn't require a bus-to-train transfer (Boston), and that allows you to check your luggage at the downtown station (Kuala Lumpur). There are lockers and/or luggage storage facilities (Atlanta). And, most critical of all, there are concourse bookstores with common sense enough to stock copies of my bloody book (nowhere). [Salon] 10:32:31 PM    comment []

Dead Media Beat. Simson Garfinkel thinks that open-source is the key to fighting digital decay. http://www.technologyreview.com/InfoTech/wtr_16480,294,p1.html Simson Garfinkel, yes, his thoughtful comments consistently compel one's attention "These days, it's relatively easy to understand which formats will survive and be readable in 20 years' time and which are likely to go the way of the eight-track tape. "The key to survival, it turns out, is openness. . . . . [Beyond the Beyond] 5:38:58 AM    comment []

PLAY! - a Video Game Symphony [del.icio.us]. Symphony orchestras play video game music around the globe. By noemail@noemail.org (Jill). [jill/txt] 5:38:30 AM    comment []

(excerpts from) two blogs to no blogs. The Times is hiring a futurist. Too bad I'm too busy with the present right now.  EW has a screengrab of the Lost map that Locke saw, which you can now stare at for 20 uninterrupted minutes.   Steven Johnson is writing another book you probably should have written first. Onion A/V: Seven Songs With Factual Or Logical Mistakes In The Lyrics. New Yorker on Muzak.   You know what? My workspace ain't that much different from Bill's. Except I think I have bigger monitors. [Fimoculous.com] 5:37:58 AM    comment []

Few Students Seek Free Tutoring or Transfers From Failing Schools. Pointing to the disappointing results, Education Secretary Margaret Spellings threatened to withhold federal funds from states that do not make students aware of their choices. By SUSAN SAULNY. [NYT > Education] 5:37:28 AM    comment []

VOIP Encryption. There are basically four ways to eavesdrop on a telephone call. One, you can listen in on another phone extension. This is the method preferred by siblings everywhere. If you have the right access, it's the easiest. While it doesn't work for cell phones, cordless phones are vulnerable to a variant of this attack: A radio receiver set to the right frequency can act as another extension. Two, you can attach some eavesdropping equipment to the wire with a pair of alligator clips. It takes some expertise, but you can do it anywhere along the phone line's path -- even outside the home. This used to be the way the police eavesdropped on your phone line. These days it's probably most often used by criminals. This method doesn't work for cell phones, either. Three, you can eavesdrop at the telephone switch. Modern phone equipment includes the ability for someone to listen in this way. Currently, this is the preferred police method. It works for both land lines and cell phones. You need the right access, but if you can get it, this is probably the most comfortable way to eavesdrop on a particular person. Four, you can tap the main trunk lines, eavesdrop on the microwave or satellite phone links, etc. It's hard to eavesdrop on one particular person this way, but it's easy to listen in on a large chunk of telephone calls. This is the sort of big-budget surveillance that organizations like the National Security Agency do best. They've even been known to use submarines to tap undersea phone cables. That's basically the entire threat model for traditional phone calls. And when most people think about IP telephony -- voice over internet protocol, or VOIP -- that's the threat model they probably have in their heads. Unfortunately, phone calls from your computer are fundamentally different from phone calls from your telephone. Internet telephony's threat model is much closer to the threat model for IP-networked computers than the threat model for telephony. And we already know the threat model for IP. Data packets can be eavesdropped on anywhere along the transmission path. Data packets can be intercepted in the corporate network, by the internet service provider and along the backbone. They can be eavesdropped on by the people or organizations that own those computers, and they can be eavesdropped on by anyone who has successfully hacked into those computers. They can be vacuumed up by nosy hackers, criminals, competitors and governments. It's comparable to threat No. 3 above, but with the scope vastly expanded. My greatest worry is the criminal attacks. We already have seen how clever criminals have become over the past several years at stealing account information and personal data. I can imagine them eavesdropping on attorneys, looking for information with which to blackmail people. I can imagine them eavesdropping on bankers, looking for inside information with which to make stock purchases. I can imagine them stealing account information, hijacking telephone calls, committing identity theft. On the business side, I can see them engaging in industrial espionage and stealing trade secrets. In short, I can imagine them doing all the things they could never have done with the traditional telephone network. This is why encryption for VOIP is so important. VOIP calls are vulnerable to a variety of threats that traditional telephone calls are not. Encryption is one of the essential security technologies for computer data, and it will go a long way toward securing VOIP. The last time this sort of thing came up, the U.S. government tried to sell us something called "key escrow." Basically, the government likes the idea of everyone using encryption, as long as it has a copy of the key. This is an amazingly insecure idea for a number of reasons, mostly boiling down to the fact that when you provide a means of access into a security system, you greatly weaken its security. A recent case in Greece demonstrated that perfectly: Criminals used a cell-phone eavesdropping mechanism already in place, designed for the police to listen in on phone calls. Had the call system been designed to be secure in the first place, there never would have been a backdoor for the criminals to exploit. Fortunately, there are many VOIP-encryption products available. Skype has built-in encryption. Phil Zimmermann is releasing Zfone, an easy-to-use open-source product. There's even a VOIP Security Alliance. Encryption for IP telephony is important, but it's not a panacea. Basically, it takes care of threats No. 2 through No. 4, but not threat No. 1. Unfortunately, that's the biggest threat: eavesdropping at the end points. No amount of IP telephony encryption can prevent a Trojan or worm on your computer -- or just a hacker who managed to get access to your machine -- from eavesdropping on your phone calls, just as no amount of SSL or e-mail encryption can prevent a Trojan on your computer from eavesdropping -- or even modifying -- your data. So, as always, it boils down to this: We need secure computers and secure operating systems even more than we need secure transmission. This essay originally appeared on Wired.com. [Schneier on Security] 5:37:13 AM    comment []